
Self XSS Vulnerability Combined With CSRF Leads To Reflected XSS (Doc ID 2830685.1)

Last updated on DECEMBER 30, 2021

Applies to:

Oracle Financial Services Transaction Filtering - Version 8.0.8.1.0 and later
Information in this document applies to any platform.

Symptoms

The application did not check and validate the value of the user-submitted parameter “infodom” before reflecting it back to the user in the response from [OFSAA URL]/XML_XSD_CONF_UI/index_sepa_admin.jsp.

Cause
